Logging Flaw Allows Attackers to Read Sensitive Data via Login Function
CVE-2023-51712

4.7MEDIUM

Key Information:

Vendor: Trusted Firmware-M
Status: Trusted Firmware-m
Vendor: CVE Published:; 5 September 2024

Summary

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.

References

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/

https://trustedfirmware-m.readthedocs.io/en/latest/securi...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 5, 2024